PROCESS_ENERGY_VALUES

Each EPROCESS may point to a PROCESS_ENERGY_VALUES structure. A copy can be extracted to a SYSTEM_PROCESS_INFORMATION_EXTENSION through the ZwQuerySystemInformation function.

The PROCESS_ENERGY_VALUES is 0x90 bytes in both 32-bit and 64-bit Windows.

Offset Definition
0x00 
ULONGLONG Cycles [4][2];
0x40 
ULONGLONG DiskEnergy;
0x48 
ULONGLONG NetworkTailEnergy;
0x50 
ULONGLONG MBBTailEnergy;
0x58 
ULONGLONG NetworkTxRxBytes;
0x60 
ULONGLONG MBBTxRxBytes;
0x68 
union {
    ULONG Foreground : 1;
    ULONG WindowInformation;
};
0x6C 
ULONG PixelArea;
0x70 
LONGLONG PixelReportTimestamp;
0x78 
ULONGLONG PixelTime;
0x80 
LONGLONG ForegroundReportTimestamp;
0x88 
ULONGLONG ForegroundTime;

This page was created on 3rd November 2016 and was last modified on 9th November 2016.

Copyright © 2016. Geoff Chappell. All rights reserved. Conditions apply.